  1. /*
  2. input file : pcap file
  3. Usage : ./a.out [filename]
  4. Output is stdout with csv format
  5. export tcp, udp, icmp
  6. csv format : ts,Transport Layer protocol,srcIP,srcPort,dstIP,dstPort,payload_size
  7. Issue : IPv4 packets that are not UDP, TCP or ICMP still produce an excess output line
  8. */
  9.  
  10. #include <iostream>
  11. #include <pcap.h>
  12. #include <net/ethernet.h>
  13. #include <netinet/ip.h>
  14. #include <netinet/in.h>
  15. #include <netinet/tcp.h>
  16. #include <netinet/udp.h>
  17. #include <netinet/ip_icmp.h>
  18. #include <arpa/inet.h>
  19.  
  20. using namespace std;
  21.  
  22. void call_back(u_char *user, const pcap_pkthdr *h, const u_char *bytes);
  23.  
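  /**
   * Entry point: replays the pcap file named on the command line through
   * call_back(), which writes one CSV line per exported packet to stdout.
   *
   * Exit codes: 0 success, 1 wrong usage, 2 the capture could not be opened,
   * 3 pcap_loop() reported an error, 4 the capture is not Ethernet-framed.
   */
  int main(int argc, char **argv) {
      if (argc != 2) {
          // argv[0] may be null when argc is 0; never stream a null char*.
          cerr << "Usage : " << (argc > 0 ? argv[0] : "a.out") << " filename" << endl;
          return 1;
      }

      char errbuf[PCAP_ERRBUF_SIZE] = {0};
      pcap_t *descr = pcap_open_offline(argv[1], errbuf);
      if (descr == nullptr) {
          // errbuf carries libpcap's reason (missing file, bad magic, ...).
          cerr << "pcap_open_offline failed: " << errbuf << endl;
          return 2;
      }

      // call_back() interprets every frame as Ethernet. A capture with another
      // link-layer type would be parsed at the wrong offsets, so refuse it here.
      if (pcap_datalink(descr) != DLT_EN10MB) {
          cerr << "unsupported link-layer type (only Ethernet captures are handled)" << endl;
          pcap_close(descr);
          return 4;
      }

      int status = 0;
      if (pcap_loop(descr, 0, call_back, nullptr) < 0) {
          // Read the error text before the handle is closed.
          cerr << "pcap_loop() failed: " << pcap_geterr(descr) << endl;
          status = 3;
      }

      pcap_close(descr);  // release the handle on every path past a successful open
      return status;
  }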
  43.  
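  /**
   * pcap_loop() handler: writes one CSV line
   * (ts,protocol,srcIP,srcPort,dstIP,dstPort,payload_size) for each IPv4
   * TCP, UDP or ICMP packet.
   *
   * The capture file is untrusted input, so every header is checked against
   * the captured length (h->caplen) before it is read. Frames that are
   * truncated, malformed, not IPv4, or carry another IP protocol are skipped
   * without output, so no partial line is emitted.
   *
   * The frame is assumed to be Ethernet-framed; that is not checked here.
   *
   * @param user  unused user pointer passed through by pcap_loop()
   * @param h     per-packet header: timestamp, captured length, wire length
   * @param bytes the captured bytes; only h->caplen of them are valid
   */
  void call_back(u_char *user, const pcap_pkthdr *h, const u_char *bytes) {
      (void)user;

      // NOTE(review): the casts below read the headers in place. pcap buffers
      // are not guaranteed to be aligned for these structs -- confirm this is
      // acceptable on the target architecture.
      const size_t captured = h->caplen;

      if (captured < sizeof(ether_header)) return;
      const ether_header *ethernetHeader = reinterpret_cast<const ether_header *>(bytes);
      if (ntohs(ethernetHeader->ether_type) != ETHERTYPE_IP) return;

      const size_t ipOffset = sizeof(ether_header);
      if (captured < ipOffset + sizeof(ip)) return;
      const ip *ipHeader = reinterpret_cast<const ip *>(bytes + ipOffset);

      // The IPv4 header length is variable (options); ip_hl counts 32-bit words.
      const size_t ipHeaderLen = static_cast<size_t>(ipHeader->ip_hl) * 4;
      if (ipHeader->ip_v != 4 || ipHeaderLen < sizeof(ip)) return;

      const size_t transportOffset = ipOffset + ipHeaderLen;
      // Only the first fragment of a datagram carries the transport header;
      // later fragments are reported with ports 0 instead of misread payload.
      const bool laterFragment = (ntohs(ipHeader->ip_off) & IP_OFFMASK) != 0;

      const char *protocol = nullptr;
      u_int sourcePort = 0;
      u_int dstPort = 0;
      size_t transportHeaderLen = 0;

      if (ipHeader->ip_p == IPPROTO_TCP) {
          protocol = "tcp";
          if (!laterFragment) {
              if (captured < transportOffset + sizeof(tcphdr)) return;
              const tcphdr *tcpHeader = reinterpret_cast<const tcphdr *>(bytes + transportOffset);
              // The TCP header length is variable too; doff counts 32-bit words.
              transportHeaderLen = static_cast<size_t>(tcpHeader->doff) * 4;
              if (transportHeaderLen < sizeof(tcphdr)) return;
              sourcePort = ntohs(tcpHeader->source);
              dstPort = ntohs(tcpHeader->dest);
          }
      } else if (ipHeader->ip_p == IPPROTO_UDP) {
          protocol = "udp";
          if (!laterFragment) {
              if (captured < transportOffset + sizeof(udphdr)) return;
              const udphdr *udpHeader = reinterpret_cast<const udphdr *>(bytes + transportOffset);
              transportHeaderLen = sizeof(udphdr);
              sourcePort = ntohs(udpHeader->uh_sport);
              dstPort = ntohs(udpHeader->uh_dport);
          }
      } else if (ipHeader->ip_p == IPPROTO_ICMP) {
          protocol = "icmp";
          // ICMP has no ports; both columns stay 0.
          if (!laterFragment) transportHeaderLen = sizeof(icmphdr);
      } else {
          return;  // only tcp, udp and icmp are exported
      }

      char sourceIP[INET_ADDRSTRLEN];
      char dstIP[INET_ADDRSTRLEN];
      inet_ntop(AF_INET, &(ipHeader->ip_src), sourceIP, INET_ADDRSTRLEN);
      inet_ntop(AF_INET, &(ipHeader->ip_dst), dstIP, INET_ADDRSTRLEN);

      // Payload size is derived from the on-wire length (h->len), so any
      // Ethernet trailer padding on short frames is still counted. It is
      // clamped at 0 so that inconsistent lengths cannot wrap around.
      const size_t headerBytes = transportOffset + transportHeaderLen;
      const size_t dataLength = h->len > headerBytes ? h->len - headerBytes : 0;

      // struct timeval must be printed field by field; microseconds are
      // zero-padded to six digits so the value reads as a decimal fraction.
      printf("%ld.%06ld,", static_cast<long>(h->ts.tv_sec), static_cast<long>(h->ts.tv_usec));
      cout << protocol << ',' << sourceIP << ',' << sourcePort << ',' << dstIP << ','
           << dstPort << ',' << dataLength << '\n';
  }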